CVE-2020-3165Hard-coded Credentials in Cisco Nx-os Software

CWE-798Hard-coded Credentials4 documents4 sources
Severity
8.2HIGHNVD
EPSS
0.6%
top 30.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedFeb 26
Latest updateMay 24

Description

A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have MD5 authentication configured, the NX-OS device does have BGP MD5 authentication configured, and the NX-OS BGP virtual routing and forwarding (V

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:NExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

CVEListV5cisco/cisco_nx-os_software9.2(1)
NVDcisco/nx-os4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-ggpf-8579-4r92: A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an un2022-05-24
CVEList
Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability2020-02-26

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software Border Gateway Protocol MD5 Authentication Bypass Vulnerability2020-02-26
CVE-2020-3165 — Hard-coded Credentials in Cisco | cvebase